As we step into 2023, often, the question “what next” arises in the minds of many. While 2022 was a year full of data breaches, ransomware news attacks, espionage, cyber warfare, and more, to be prepared for the new year, The Cyber Express brought together cybersecurity experts and leaders to forecast what the cybersecurity space cryptocurrency, metaverse, AI-ML, can expect from the year 2023. Read ahead, the Cybersecurity news and Predictions for 2023:
Cybersecurity Predictions for 2023:
Cryptocurrencies will be the focus of the most sophisticated and persistent attacks
The inflationary forces welling up in economies running on ‘fiat currencies (i.e. paper-based promises to pay the bearer a certain amount, backed by the issuing bank) will be attracting increasing interest from investors. Cryptocurrency wallets and exchanges will be targeted by criminals and nation-states.
The FAANGs will be in the dock
The FAANGs (Facebook, Amazon, Apple, Netflix, and Google) will come under increasing scrutiny by regulators around the world, for two reasons: Cloud service availability: a large scale, prolonged cloud service outage will raise questions about concentration risk Market failure: AWS, Microsoft or Google will become embroiled in antitrust concerns as cloud service users become evermore dependent on the 3 service providers that control half the global market.
Ransomware: Less encryption, more legislation
Ransomware and cyber extortion will remain among the top cyber threats in 2023. As cybercriminals’
tactics continue to evolve, they will increasingly favor exfiltrating data over encrypting it for cyber extortion. Governments will continue to strongly advise organizations not to pay ransoms and may even introduce legislation relating to this.
Double extortion ransomware (where a copy of the data is exfiltrated before it is encrypted) has surpassed traditional ransomware as cybercriminals’ extortion tactic of choice. The threat of the exfiltrated data being leaked provides cybercriminals with a secondary lever with which to apply pressure on victims to pay up.
However, as organizations adopt stronger backup and resilience measures, the primary impact is now being caused by the data exfiltration, rather than data encryption. This may lead to some cybercriminals forgoing encryption entirely and refocusing of exfiltration efforts. There have already been notable cases of ransomware which either skipped or faked data encryption.
Phishing: Powered by AI
Machine learning and artificial intelligence have quickly become key technologies in the fight against cyber threats, for example, helping businesses to detect attacks by monitoring network patterns and analyzing anomalies or malicious behaviors. However, as AI has become more advanced and accessible, it has also been adopted by cybercriminals.
Cybercriminals will utilize AI and machine learning in 2023 to power more sophisticated phishing campaigns. Cybercriminals will have access to an ever-growing treasure trove of data, from open-source data such as job postings to personal information leaked in data breaches, with which to craft highly targeted spear phishing lures.
Researchers have already shown how next-generation language models such as OpenAI’s GPT-3 can be used to generate phishing content that “outperformed those that were manually created”. With GPT-4, the next evolution of the language model, rumored for release in 2023, the threat of AI powered phishing becomes more severe.
5G and satellite connectivity will bring online new areas of the world
And this will have consequences: together with these come both positive opportunities for the most poverty-stricken areas, and opportunities for some of the people to go to a life of cybercrime.
And there are no laws in those areas that would help curb this. Reliable, ubiquitous connectivity enables more sustainable working patterns, reducing the carbon footprint of commuters and potentially improving our productivity.
The metaverse will dispel our remote working blues
The metaverse – a virtual-reality space in which users can interact with a computer-generated environment and other users – will increasingly be seen as an alternative to costly offices, pinned to a single location. New techniques will be developed to communicate a profound, consistent understanding of complicated, multi-dimensional narratives.
The metaverse will go some way to overcoming the limitation of online interaction. Security will follow in the wake of these developments and until it catches up, it will be difficult to verify that participants are who they claim to be and the experience each person receives is authentic, and free from manipulation.
Hybrid work model will require smart digital forensics for in-house investigations
India remains one of the most challenging economies when it comes to protection and enforcement of intellectual property. Coupled with the new hybrid work model, in house investigations have become doubly challenging as insider threat poses serious threat to businesses.
When conducting a covert investigation, to detect if any user has been stealing proprietary information, it’s no longer a case of physically borrowing that laptop. Organizations need to obtain remote access to that device, scan and image it quickly. What Indian businesses need are digital forensics solutions that centralize data and analyze it so it can be sent to relevant investigative teams.
These solutions will be a gamechanger in 2023 as businesses veer towards workflow automation to cut costs amidst turbulent economic conditions.
Bots will take over the internet and learn to target APIs
By the end of 2023, half of all internet traffic will not come from a human. What’s more, two-thirds of all bad bot traffic will be considered moderate or advanced, making these automated threats harder to detect and stop.
In 2023, APIs will become the prime target for bad bots. Seen as signposts to sensitive data, 2022 saw vulnerable APIs cost businesses $75 billion a year. This problem is only going to worsen in 2023 as API defences often overlook automated threats.
Bots will become a persistent threat that organizations need to look out for or risk data leakage. The challenge is that tried-and-ested methods of defeating bots may not work. For instance, returning a CAPTCHA challenge to an API request breaks the calling application.
Businesses need to use machine learning to differentiate normal API behaviour from malicious traffic, and to understand what data should be transmitted through the API. Organizations will face an uphill battle mitigating automated attacks targeting their API libraries until bot management and API security are used correctly.
Read 30+ experts take on the top cybersecurity predictions for 2023. Find out what trends and threats to watch out for in the coming year and how to protect yourself and your organization from cyber attacks. Subscribe to our Magazine
Latest Issue is Out
Stay ahead of the curve in the world of cybersecurity with the latest predictions from industry experts. In this Issue, we’ve compiled insights and interviews with top experts to give you an exclusive look at the trends and threats expected to shape the field in 2023.